Description
A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
CVSS breakdown
Affected products
- Siemens / Opcenter Quality0 – V2406
- Siemens / Opcenter RDnL0 – V2410
- Siemens / SIMATIC PCS neo V4.00 – *
- Siemens / SIMATIC PCS neo V4.10 – V4.1 Update 2
- Siemens / SIMATIC PCS neo V5.00 – V5.0 Update 1
- Siemens / SINEC NMS0 – *
- Siemens / SINEMA Remote Connect Client0 – V3.2 SP3
- Siemens / Totally Integrated Automation Portal (TIA Portal) V160 – *
- Siemens / Totally Integrated Automation Portal (TIA Portal) V170 – V17 Update 8
- Siemens / Totally Integrated Automation Portal (TIA Portal) V180 – V18 Update 5
- Siemens / Totally Integrated Automation Portal (TIA Portal) V190 – V19 Update 3